Wide-scale disruption continues in Ireland after cyberattack

2021 05 19 19 26 3929 Internet Digital Security 400

Radiology service providers across Ireland are still facing major difficulties in the wake of last Friday's ransomware attack that caused the shutdown of many computer systems. There are now media reports of the hackers posting patient data online to bolster their demands for a $20 million (16.4 million euros) ransom.

"Sadly, we have no improvement to report, but our workaround solutions are becoming more defined," Dr. Adrian Brady, a consultant radiologist at Mercy University Hospital in Cork, told AuntMinnieEurope.com on the afternoon of 19 May. "Our normal PACS & RIS networks may be offline for weeks, so we're trying to maintain services by other means as best we can, but it's limited, and a real struggle."

He said some new reports in the Irish media are downplaying the severity of the disruption, on the basis that some large hospitals in Dublin are less affected than others.

"These hospitals, and their patients, are lucky. I'm pleased for them, but the disruption for most of us remains huge," added Brady, who is first vice president of the European Society of Radiology.

Profound impact

The chief clinical officer of the Health Service Executive (HSE), Dr. Colm Henry, said the attack was having "a profound impact on our ability to deliver care" and that disruptions would undoubtedly "mount in the coming days and weeks," according to a report posted by the Associated Press on 18 May.

Dr. Colm Henry. Courtesy of PA Images / Alamy Stock Photo.Dr. Colm Henry. Courtesy of PA Images / Alamy Stock Photo.

More than 2,000 patient-facing IT systems were affected, and around 80,000 devices were linked to such systems throughout the health service, Henry said.

The authorities are prioritizing the recovery of systems involved in patient diagnostics, such as radiology, radiotherapy, and maternity and newborn services, and "hundreds of people" have been assigned to respond to the attack, but it could be weeks before the public health service will return to normal, continued Henry, who previously worked as consultant geriatrician and clinical director at the Mercy University Hospital in Cork.

An HSE update issued on 19 May noted that emergency departments are very busy and patients requiring nonurgent care should expect significant delays.

"Hospital emergency departments are relying on manual processes for a lot of their work at the moment," the HSE stated. "Due to the IT issues and manual work arrangements now in place, patients needing nonurgent care will experience long delays."

Actions of the hackers

To further their ransom demand for almost $20 million (16.4 million euros), the hackers have shared online medical and personal information about Irish patients, according to a 19 May report by the Financial Times (FT).

The records included internal health service files, such as minutes of meetings, equipment purchase details, and correspondence with patients, and they were offered by the "ContiLocker Team" as samples to prove that they had confidential information, the FT reported. Conti is the name of the type of cyberattack perpetrated on the HSE; it is characterized by taking control of systems and stealing data and is associated with a group operating out of Russia and Eastern Europe, the FT said.

"The HSE patient and business files were offered in a chat between ContiLocker Team and an unnamed user, which can be viewed at separate links on the internet and dark web. The chat includes a link to "samples" of the data Conti has, along with a password to access the samples. The files were emptied when the FT examined the link, but the names of the empty files corresponded to files shared with the FT by a person who accessed the link earlier in the week," the report noted.

The 27 files included the personal records of 12 individuals. One file reviewed by the FT included admission records and laboratory results for a man who was admitted to hospital for palliative care. The broad details in that file matched a subsequent death notice seen by the FT.

Earlier on Tuesday, Stephen Donnelly, Ireland's health minister, told an Irish radio show that police were examining "heavily redacted materials" that had been published online, and that Ireland had "no verification that what has been posted is real data," the FT reported.

Ireland's National Cyber Security Centre (NCSC), which is leading the investigation into the hack, told the FT that criminal gangs "habitually release stolen information as a means of pressurising organisations into paying a ransom," and the NCSC "is working with the Garda National Cyber Crime Bureau and international partners to identify any such material, verify it, and then take all available measures to limit the exposure of the personal data online."

Breast and cervical exams

Meanwhile, all BreastCheck screening appointments are proceeding as normal in the country's four breast screening static units and mobile units, according to an article posted on 19 May by thejournal.ie.

"Women are being asked to attend their appointment or to let their breast-screening unit know if they can no longer attend so that the slot can be offered to someone else," stated the report, adding that Cervical Check smear appointments booked for this week have been postponed until next week or beyond that, as part of the HSE's response to the ransomware attack.

Page 1 of 1235
Next Page